eShowMail System Data Security
The eShowMail system enables exhibitors to send pre and post show marketing emails to an event’s attendee list while protecting the attendees’ contact information from misuse. To put it simply, exhibitors never see the attendee list. Their information is protected within the eShowMail system through encryption and by limiting access to the system.
Data Storage
The only information we require to send an email is the attendee’s email address. To secure this data within our database, we store the email addresses in a Relational MySQL table in an encrypted form using an algorithm developed using the Java Cryptography Architecture (JCA)[1]. The algorithm is show unique so the same email address will be stored differently for each show.
System Access
Only Event Technologies employees have access to our system. Customers, exhibitors and attendees are never given access. In addition, logging into the eShowMail system by Event Technologies’ personnel requires that three (3) variables be entered: (User ID, Password, and Security Code.) This makes guessing the login orders of magnitude harder than the normal two (2) variables. If our system is hacked, there is no ability to export information out of our application.
Data Retention
Any data that is entrusted to us by our clients is kept secure and deleted as soon as it is no longer required. Show data is typically deleted within 30 days of the close of the event unless otherwise specified. This includes attached files that have been emailed to us that contain attendee and exhibitor contact information. These files are typically deleted as soon as information is uploaded.
System Hosting
The Event Technologies system is hosted at GoDaddy in Phoenix, AZ using a managed dedicated server that is backed up nightly. The system utilizes Rdb Guard as a means of detecting malicious attempts to gain access to the system from non-authorized users.
Results
Event Technologies has been sending emails on behalf of satisfied clients since 2010. We have never experienced a data breach and have never shared customer data with any third party during this period.
[1] We are available to discuss the Class Files used and other general implementation approaches by phone should the customers’ IT organization require but do not provide that information in writing for security reasons.
